The SRAP is a portal server add-on that enables end users to securely access enterprise web content using only a standard web browser with a Java virtual machine. Learn the best practices for the SRAP and how to configure it to leverage existing corporate intranet content while enabling flexibility for future growth.

Like this article? We recommend

Like this article? We recommend

Sun ONE Portal Server 3.0 Rewriter Configuration and Management Guide

How can a network administrator provide secure remote access to portal users
who need to download and interact with web documents and web applications that
are behind a strict firewall? There are three widely used technologies for
providing remote users access and interaction with web documents residing behind
a strict firewall:

Virtual private networks (VPNs)

Secure reverse proxies

URL rewriting

The first and most inflexible solution is to use a VPN. VPNs have two major
advantages over the other two solutions in that no internal content needs to be
modified, nor does the solution administrator need any inherent knowledge about
the contents of the web documents for the documents to be viewable through the
VPN connection. One major disadvantage, leading to the inflexibility of a VPN
connection, is that all network traffic must be directed through the VPN to
ensure its complete security. This can result in bottlenecks that could be
avoided. Additionally, VPNs typically require client-side software to be
installed. This is not feasible in the case of a nomadic user who needs to
access privileged data through an Internet kiosk or similar means of connecting
to the secure network.

The second solution is to use a secure reverse proxy. Like a VPN, the reverse
proxy does not require internal content to be modified. The major disadvantage
of using a reverse proxy is that every URL used to retrieve a document or access
a web application must have explicit mappings that reside on the proxy. This
means that embedded URLs must also have a URL mapping for the proxy to work
successfully.

The third solution, and the primary focus of this document, is URL rewriting.
The basic premise of URL rewriting is that browser requests always come back to
a single location (gateway) when the request is for internal content, and the
request goes directly to the public content server. Otherwise, sometimes
referred to as VPN-on-demand, URL rewriting does not unnecessarily put
stress on the network. It provides the needed security only when accessing
potentially sensitive internal web sites or downloading sensitive
information.

Intended Audience

This guide builds on, and in some cases reiterates, what is presented in
Chapter 8 of the Sun ONE™ Portal Server Administration Guide.
Specifically, it addresses real-world deployment scenarios and
rewrite-by-example conventions.

This guide is targeted at Sun ONE Portal Server administrators. You are
expected to be somewhat familiar with Portal Server terminology and have an
extensive understanding of web application development and deployment.

You are also expected to be familiar with HTML SPEC. 4.0 tag syntax,
JavaScript™ conventions, and the client-server relationship. Knowledge of HTTP
and OOP programming is helpful as well. Programming examples are provided;
however, the audience is expected to know what the examples actually do. In some
cases, code snippets are provided. The audience must be able to understand how
that code snippet relates to the larger context that the example is meant to
illustrate.